Judge Tosses Penalty Against Texas MD Anderson Cancer Center

$4.3 million penalty stemmed from two instances of lost, unencrypted USB drives containing patient data


The boom of information technology in healthcare has brought a host of benefits to patients, physicians and organizations. The expansion of technology has been especially evident as organizations have struggled through the COVID-19 pandemic have tried to remain accessible to patients. Embracing technology also comes with potential risks related to data security.

The U.S. Court of Appeals for the Fifth Circuit has vacated the $4.3 million civil monetary penalty against the University of Texas MD Anderson Cancer Center after two years and several lost appeals, according to Health IT Security. The penalty stemmed from two instances of lost, unencrypted USB drives containing patient data.

The judge ruled the decision by the U.S. Department of Health and Human Services to levy the massive fine against MD Anderson was “arbitrary, capricious, and contrary to law.” The highly publicized Office for Civil Rights settlement stemmed from two data breaches in 2012 and 2013. 

In the first instance, a criminal stole an unencrypted laptop that contained protected health information and research data in April 2012. The device contained the names, medical records numbers, treatments, research information, and some Social Security numbers, of about 29,201 patients.

Several months later, MD Anderson reported another data loss incident, where a trainee lost an unencrypted portable hard drive on a campus shuttle bus. Another unencrypted USB drive was lost in 2013, which also contained ePHI.

An OCR investigation found MD Anderson’s own risk analysis determined that its lack of device-level encryption posed a high risk to the privacy and security of the ePHI in its possession. Despite the risks, OCR alleged MD Anderson did not begin an enterprise-wide adoption of ePHI encryption until 2011.

Click here to read the article.



January 25, 2021


Topic Area: Information Technology


Recent Posts

The Impact of Acoustics on Patient Privacy

As healthcare facilities evolve toward more open and flexible care environments, acoustic privacy has become essential.


Texas Behavioral Health Center in Dallas Opens with Ribon-Cutting Ceremony

The 456,265-square-foot facility offers a variety of therapeutic, recreational and social spaces that prepare patients for life outside the hospital.


Banner Health to Sell Banner Lassen Medical Center to Quorum Health

The transaction is expected to be completed in December 2026, pending required regulatory approvals.


What Accessibility in Senior Care Facilities Should Look Like

The future of design for senior care facilities should go beyond compliance.


Why Identity Governance Is Becoming a Facilities Management Issue

As healthcare buildings grow more connected, weak identity controls can expose HVAC, security and other critical systems to serious risk.


 
 


FREE Newsletter Signup Form

News & Updates | Webcast Alerts
Building Technologies | & More!

 
 
 


All fields are required. This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

 
 
 
 

Healthcare Facilities Today membership includes free email newsletters from our facility-industry brands.

Facebook   Twitter   LinkedIn   Posts

Copyright © 2023 TradePress. All rights reserved.